Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

http: reject header contents with nul bytes #8601

Closed
wants to merge 2 commits into from

Conversation

bagder
Copy link
Member

@bagder bagder commented Mar 16, 2022

They are not allowed by the protocol and allowing them risk that curl
misbehaves somewhere where c functions are used but won't work on the
full contents. Further, they are not supported by hyper and they cause
problems for the new comign headers API work.

Updated test 262 to verify.

@bagder
Copy link
Member Author

bagder commented Mar 16, 2022

I made it return CURLE_WEIRD_SERVER_REPLY, as it seemed the best available error code.

They are not allowed by the protocol and allowing them risk that curl
misbehaves somewhere where c functions are used but won't work on the
full contents. Further, they are not supported by hyper and they cause
problems for the new coming headers API work.

This also makes hyper return the same thing for this error.

Updated test 262 to verify and enabled it for hyper as well

Closes #8601
It was used for too many other cases as well
@bagder bagder closed this in 526e0ef Mar 17, 2022
@bagder bagder deleted the bagder/reject-http-zero branch March 17, 2022 09:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging this pull request may close these issues.

1 participant